How to Defend Against the Rise of Ransomware

Tag Archives: Electronic Health Records

How to Defend Against the Rise of Ransomware

defend against ransomware

Cybersecurity has been a major concern with the rise of ransomware incidents over the past few years. This form of cyber attack is an ever-growing problem that affects many industries but often targets healthcare organizations. By knowing what vulnerabilities to watch out for, using a secure Electronic Health Record (EHR), and educating your staff on security best practices you can protect your healthcare agency and defend against the rise of ransomware threats.

Ransomware is a form of malware that refuses access to the target’s data. Targeted organizations are asked to pay a ransom in order to recover their files and often paying that ransom is the most cost-effective way to get their data back. As such, ransomware has become a very lucrative criminal activity and continues to self-fund itself as the next generation of ransomware evolves to be even more sophisticated. With this, the cost of each ransom continues to rise as well. Healthcare providers are one of the most susceptible and impacted industries because of the wealth of sensitive, personal health information (PHI) files they contain. These records can be traded for hundreds of dollars each and are often sold several times. Healthcare system security is also often more vulnerable because security is often driven more by compliance than modern security best practices. 

This form of malware has the ability to infect any type of computer including mobile devices, IoT, routers, cloud storage, etc. but it often gains access through devices such as a printer, medical equipment, or other connected devices. When security scans are done by healthcare agencies to assess security vulnerabilities, often these devices are ignored because they are waived as low to medium vulnerability. It is often those low to medium vulnerability devices which are targeted; however, because they are often not prioritized to be secured and offer an easy way to gain access to your network. Make sure your healthcare agency is securing any and all vulnerabilities in your network and not just those which are flagged as high vulnerability targets. 

Additionally, make sure your EHR system is secure as it houses all of the records that threat actors are trying to gain access to. You can start by using an EHR with security certifications issued by reputable accrediting agencies such as databrackets. This will ensure your EHR has been audited on their ability to provide secure data management and is even more secure against the rise of ransomware. Extra layers of protection for your EHR like Multi-Factor Authentication is also recommended. Having an EHR vendor that provides regular data backups, a great incident response, and has contingency plans in place in the event of an attack are also advisable.

Finally, be sure your staff makes moves to increase security and protect patient data from ransomware. The primary ways that ransomware attacks happen are via malicious phishing emails meant to trick the recipient into disclosing login credentials. These credentials are then used to access your websites, applications and business data. The data they gain access to is then encrypted so that your agency cannot access it unless you pay the ransom. Because of this, oftentimes, the weakest security link at any organization is its employees. Educate all staff on password security, email security and not sharing work laptops with family and friends. Your staff should be informed that spam filters will not stop all malicious emails.  

According to an article by databrackets, ransomware attacks have cost U.S. healthcare organizations $157 million since 2016 and the individual ransom of 1,400 clinics, hospitals, and other healthcare organizations varied from $1,600 to $14 million per attack. Defending your organization’s data is more critical than ever, but if your staff follows these security measures, you can protect yourself from the rise in ransomware.

Finding a Trustworthy EHR Vendor

finding a trustworthy ehr vendor

Finding a trustworthy EHR vendor is important. The investment in a new system is significant and carries risks and consequences of failure. When your healthcare agency is shopping for a new EHR system, do your due diligence and vet your vendor as well. Do not exhaust your budget for a system that comes with hidden costs, fails to live up to expectations or is lacking support to go with the system you purchased.

Make sure any EHR vendors you are evaluating are providing a clear understanding of their pricing. Will they provide the total cost of ownership for their solution? Have you gotten deep into the process of consideration only to find they failed to mention additional fees like training? Be wary of hidden add-on costs after implementation also. If an EHR vendor has a lot of 3rd parties they work with instead of integrating their own tools they are likely to have additional costs. Stay within your budget and avoid being nickel and dimed. A trustworthy EHR vendor will outline all of their costs for you.

Other pitfalls to watch out for is vagueness on the part of EHR vendors about what their systems can do, having reputations for overpromising on development then failing to deliver, and lying about system functionality. A trustworthy EHR vendor will be clear on how their systems operate and will be happy to demo them for you. You will feel confident knowing what you are purchasing. A trustworthy vendor will also have a good track record of following through on development timelines and doing what they said they would. Be wary of EHR vendors whose customers have reviewed as selling a product that does not do what they said it would. 

Finally, in seeking out a trustworthy EHR vendor, make sure the vendor team is there for you beyond just the software itself. A great vendor will value relationships and collaboration and will form a true partnership with your healthcare organization. They will be responsive to your customer service and IT support needs, which will help your bottom line. They will also be responsive to your changing needs to meet compliance regulations, connect with different HIEs and immunization registries, and to adjust for improvements in your workflow. An EHR vendor you can trust is committed to your industry and operates as a living software that is constantly innovating for healthcare IT. Seek vendors that serve you while you serve the community.

Whether you are shopping for an EHR for the first time or limping along with one that nickel and dimes you, does not meet your needs, or fails to offer you proper support – remember you have options. Evaluate EHR Solutions and consider the importance of the people and company you are working with. Trustworthy EHR vendors will be transparent, have solid reputations and be committed to serving you.

Patagonia Health Joins the Carequality Network

carequality network

Patagonia Health, an Electronic Health Record (EHR) software company serving Public Health and Behavioral Health agencies, has now joined the Carequality network. Carequality is a national-level, consensus-built, common interoperability framework built to connect many health data sharing networks. Carequality currently coordinates care between 600k care providers, 50k clinics and 4,200+ hospitals. Interfacing with Carequality will help Patagonia Health’s customers access and transmit patient data more seamlessly between these other healthcare entities and speed up their administrative functions of obtaining health records.

Health Information Exchanges are nothing new yet these have been mostly disparate local or state networks. Carequality being a national network-to-network trust framework gives providers access to a much larger pool of patient data. Carequality can be leveraged by existing networks (HIE, Vendor, Payer, PHR, etc.) and service providers (e.g. record locator services) to enable the sharing of data across these diverse networks, services and their participants. The search feature on the Carequality website allows agencies to see which providers are sharing health data.  

“An HIE is only as strong as its HIE members,”  says Jolie Rollins, Sales Engineer, Patagonia Health. “The more stakeholders who contribute patient data on the network, increase the value to everyone on the network, driving better decision making and patient outcomes.” 

Using Carequality aids healthcare agencies’ workflow by allowing them to obtain patient data from or share patient data with more in-network providers. They would be able to receive and transmit patient information with any others in the Carequality network. This helps healthcare providers minimize their administrative functions. It eliminates several steps involving phone calls and faxes to request or send medical records. It also reduces wait times for that information exchange.

Patagonia Health is committed to pushing the future of healthcare forward with its innovative and secure EHR technologies. Their modern, cloud and apps-based solution is interoperable with tools healthcare agencies need and is certified for meaningful use. By interfacing with the Carequality network, this is just one further step Patagonia Health is making to better serve their customers in Public and Behavioral health. Streamlined solutions like these help keep the focus on patient care and away from the burnout associated with administrative tasks.

About Patagonia Health, Inc.

Patagonia Health, Inc. is a healthcare software supplier with a cloud and apps-based software solution that is designed specifically for Public Health Departments, Federally Qualified Health Centers (FQHC), Community Health Centers (CHC) and Behavioral Health agencies. Their solution includes an integrated, federally-certified, Electronic Health Record (EHR), Practice Management (PM) and Billing software. For more information, visit

Patagonia Health Hires Clark McKenna as New Strategic Account Executive

Patagonia Health Hires Clark McKenna

Patagonia Health, Inc., a leading supplier of Electronic Health Record (EHR) solutions to the Public Health, Behavioral Health and Federally Qualified Health Center (FQHC) markets, recently expanded its sales team by adding a Strategic Account Executive.  Clark McKenna joins the team bringing a broad range of experience to this new position at Patagonia Health, including enterprise and international strategic development as well as Tier 1 and Tier 2 channel partnerships.

“Clark joins Patagonia Health during a time of unprecedented transition in the Public Health and Behavioral Health markets. He will work closely with our partner community as well as large and state level health departments to drive the transformation efforts to Public Health 3.0” says Amos Slaymaker, VP of Sales and Marketing at Patagonia Health.

Over the past few years, Patagonia Health has been accelerating to high levels of growth. Clark will focus on strategic sales activity, including 3rd-party partnerships, to help Patagonia Health continue this trend.

“Patagonia Health is laser focused recognizing the importance of strategic relationships with large public and behavioral health agencies guiding them through the evolution of the workflow, infrastructure, partnerships, data analytics, sustainable funding, managing social determinants of health and interoperability” states McKenna. He will serve as the main point-of-collaboration by adding value to the buyer-seller relationship and a resource to both parties minimizing risk and driving the expected value throughout the implementation process. 

Patagonia Health will continue to be the trusted advisors Public Health Departments, and others, turn to for assistance evaluating Electronic Health Records solutions. “With Patagonia Health’s commitment to providing easy-to-learn therefore, easy-to-use software, I am thrilled to be part of the team” says McKenna.  Most recently Clark served executive roles at The Carlyle Group’s Visionary RCM, Oracle, McKesson, VOW and CompuGroup Medical.   

7 Tips for Successful EHR Implementation

successful ehr implementation tips

After you have chosen a new Electronic Health Records (EHR) solution, how do you smoothly transition to it? Follow these 7 tips for successful EHR implementation. 

Set realistic goals and expectations.

Is it realistic to think you will be paperless in 1 month? Do all of your programs need to go-live at once or is a phased approach better? What are the politics in your agency? Who is going to be the most resistant to change and maybe should not be a super user or the department to go-live first? Consider these things and set realistic objectives towards successful EHR implementation.

Keep everyone informed and involved.

Make sure your staff understands the goals for your new EHR solution and implementation timeline. Consider involving staff in the selection and implementation process also because participation increases adoption and excitement.

Keep leadership involved.

Keep leadership involved after the decision making process of selecting your EHR. Leadership should be visible, engaged with the training, open and communicative. Leadership sets the tone for the entire project and can help ensure successful EHR implementation.

Educate leaders on change management. 

Educate your leadership on change management. Like the stages of grief, there is an emotional reaction that comes from switching solutions. This should be expected and supported. Understanding the change management curve and appropriate responses will help your leadership team and staff through this process effectively. 

Be communicative with your vendor.

Be communicative and willing to work with your vendor. Seek out acceptable solutions for all involved when issues happen to be sure of a successful EHR implementation. 

Make it fun!

For go-live, consider bringing in breakfast or lunch. You can decorate the lobby.  You could also host an award ceremony at the end of the first month with awards such as: Super User in Training, Best Attitude, Most Helpful, Overcame Most Challenges, Department Most Likely to be Paperless, etc.

Evaluate training.

Before you consider your staff fully trained, assess whether your staff members have practiced multiple training scenarios and whether clinicians have dedicated time outside of their patient hours to learn the new system. Take the time to make sure all users are well versed in the new system and utilize all training available from your vendor.